CVE-2019-12719
Description
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can upload arbitrary files to AUO SunVeillance Monitoring System before v1.1.9e by modifying the authority parameter on Picture_Manage_mvc.aspx.
Vulnerability
An incorrect access control vulnerability exists in the Picture_Manage_mvc.aspx page of the AUO SunVeillance Monitoring System prior to version v1.1.9e [1]. The page exposes two parameters, Act and authority. While a guest user is normally restricted from uploading pictures, the authority parameter is not properly validated on the server [1]. By changing the default guest authority value of 40 to 100, the upload button becomes enabled without any authentication [1]. This allows any unauthenticated user to reach the file upload code path [1].
Exploitation
An attacker needs only network access to the web interface [1]. No authentication, session token, or special user role is required [1]. The steps are: (1) navigate to /Solar_Web_Portal/Picture_Manage_mvc.aspx without logging in; (2) modify the authority POST/GET parameter from 40 to 100; (3) the upload form becomes functional and the attacker can submit a file [1]. The file is stored server-side [1].
Impact
A successful attacker can upload arbitrary files to the server [1]. The impact depends on the server's file storage location and subsequent processing—if uploaded files are accessible or executed, the attacker could achieve remote code execution, information disclosure, or defacement [1]. At a minimum, the integrity of the system is compromised [1].
Mitigation
AUO released version v1.1.9e to fix the issue [1]. All installations running earlier versions should be updated to v1.1.9e or later [1]. There are no known workarounds; the vulnerable authority parameter logic must be corrected by the vendor patch [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- AUO / SunVeillance Monitoring System
- Range: < v1.1.9e
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The server trusts the client-supplied `authority` parameter to enforce access control, allowing an unauthenticated user to escalate privileges by changing the value from 40 to 100."
Attack vector
An unauthenticated attacker accesses the picture management page at `/Solar_Web_Portal/Picture_Manage_mvc.aspx` without any session or credentials [ref_id=1]. The page exposes an `Act` and `authority` parameter; by changing `authority` from 40 (guest) to 100 (administrator), the upload button becomes enabled [ref_id=1]. The attacker can then upload arbitrary files to the server, bypassing all authentication checks [ref_id=1].
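From the defender's side, the bypass described above has a simple signature: the client-supplied `authority` parameter should never carry anything but the guest value, so any request to the picture management page with a different value is worth flagging, and one arriving without a session cookie is worth flagging loudly. The script below is an added example, not part of the advisory or of the vendor's product; it scans constructed W3C-style web server log lines (the field layout, IP addresses and cookie names are assumptions) and reports such requests.

```python
from urllib.parse import parse_qs

# Constructed W3C-style log lines (not real SunVeillance logs). Assumed fields:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
# A "-" means the field was empty.
SAMPLE_LOG = """\
2019-06-01 10:00:01 10.0.0.5 GET /Solar_Web_Portal/Login.aspx - 200 -
2019-06-01 10:00:09 10.0.0.5 GET /Solar_Web_Portal/Picture_Manage_mvc.aspx Act=Upload&authority=40 200 -
2019-06-01 10:00:14 10.0.0.5 GET /Solar_Web_Portal/Picture_Manage_mvc.aspx Act=Upload&authority=100 200 -
2019-06-01 10:01:30 10.0.0.8 GET /Solar_Web_Portal/Picture_Manage_mvc.aspx Act=Upload&authority=100 200 ASP.NET_SessionId=abc123
"""

# Page named in the advisory; compared case-insensitively because IIS paths are.
PAGE = "/solar_web_portal/picture_manage_mvc.aspx"
GUEST_AUTHORITY = "40"   # the only value a legitimate guest request carries


def parse_line(line):
    """Split one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 8:
        return None
    date, time, ip, method, stem, query, status, cookie = parts
    return {"date": date, "time": time, "ip": ip, "method": method,
            "stem": stem, "query": query, "status": status, "cookie": cookie}


def classify(rec):
    """Return None for benign records, otherwise a finding describing why the
    request looks like an authority-parameter tampering attempt."""
    if rec["stem"].lower() != PAGE:
        return None
    qs = parse_qs(rec["query"]) if rec["query"] != "-" else {}
    authority = qs.get("authority", [GUEST_AUTHORITY])[0]
    if authority == GUEST_AUTHORITY:
        return None
    return {
        "ip": rec["ip"],
        "authority": authority,
        # No session cookie at all: the request cannot belong to a logged-in user.
        "unauthenticated": rec["cookie"] == "-",
    }


def find_suspicious(log_text):
    """Scan a whole log and collect findings in order of appearance."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        finding = classify(rec)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f)
```

The check only sees parameters that reach the query string; when `authority` travels in a POST body, a plain IIS log will not contain it, so the same rule belongs in a reverse proxy or WAF that can inspect form fields. Either way, a non-guest value arriving from a client is the anomaly, whether or not a session cookie accompanies it.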
Affected code
The vulnerable page is `/Solar_Web_Portal/Picture_Manage_mvc.aspx`. The authority parameter in this page controls access; a value of 40 corresponds to a guest role, while 100 grants administrative privileges [ref_id=1]. No patch files are included in the bundle.
What the fix does
The advisory states that the issue is resolved in version v1.1.9e of the AUO SunVeillance Monitoring System [ref_id=1]. No patch diff is provided in the bundle, so the exact code change is unknown. The fix likely involves enforcing server-side authorization checks on the `authority` parameter rather than trusting the client-supplied value.
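To make the likely fix concrete, the following added example (not AUO's code, and not taken from the patch, which is not in the bundle) models the authorization decision of a picture-upload handler in two forms: the vulnerable pattern that reads the role from the client-supplied `authority` parameter, and the hardened pattern that resolves the role from a server-side session and ignores the parameter altogether. The session store, cookie name and status codes are assumptions; the authority values 40 and 100 are the ones named in the advisory.

```python
from dataclasses import dataclass, field

GUEST = 40    # authority levels as described in the advisory
ADMIN = 100

# Constructed server-side session store: session id -> authority level.
# Only a real login (not modelled here) would add entries to it.
SESSIONS = {"sess-admin-7f3a": ADMIN}


@dataclass
class Request:
    params: dict = field(default_factory=dict)   # query string / form fields
    cookies: dict = field(default_factory=dict)
    file: bytes = b""                             # uploaded file content


def authority_vulnerable(req: Request) -> int:
    """Vulnerable pattern: the role is whatever the client put in `authority`.
    A guest that should see 40 can simply send 100."""
    try:
        return int(req.params.get("authority", GUEST))
    except ValueError:
        return GUEST


def authority_fixed(req: Request) -> int:
    """Hardened pattern: the role comes from the server-side session bound to
    the cookie. The client-supplied `authority` value is never consulted, and
    an unknown or missing session is treated as guest."""
    return SESSIONS.get(req.cookies.get("session"), GUEST)


def handle_picture_manage(req: Request, resolve_authority) -> int:
    """Handle an Act=Upload request and return an HTTP status code.
    `resolve_authority` is the policy under test (vulnerable or fixed)."""
    if req.params.get("Act") != "Upload":
        return 400
    if resolve_authority(req) < ADMIN:
        return 403   # guests must never reach the upload code path
    if not req.file:
        return 400
    return 201       # file accepted; storage itself is out of scope here


def tampered_request() -> Request:
    """A request with no session that claims administrator authority."""
    return Request(params={"Act": "Upload", "authority": "100"}, file=b"data")


def admin_request() -> Request:
    """A request backed by a genuine admin session; it still sends no
    authority parameter because the fixed handler does not need one."""
    return Request(params={"Act": "Upload"},
                   cookies={"session": "sess-admin-7f3a"}, file=b"data")


def demo():
    """Status codes for the tampered request under each policy."""
    return (handle_picture_manage(tampered_request(), authority_vulnerable),
            handle_picture_manage(tampered_request(), authority_fixed))


if __name__ == "__main__":
    print("tampered request (vulnerable, fixed):", demo())
    print("admin session (fixed):",
          handle_picture_manage(admin_request(), authority_fixed))
```

The point of the hardened variant is that the role is a property of server state, not of the request: there is no input the client can send that changes the outcome of `authority_fixed`. Removing the `authority` parameter from the page entirely, rather than merely validating it, is the cleaner end state.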
Preconditions
- Authentication: none required; the attacker can be completely unauthenticated
- Network: access to the vulnerable /Solar_Web_Portal/Picture_Manage_mvc.aspx endpoint
- Input: the attacker must modify the 'authority' parameter from 40 to 100 in the HTTP request
Reproduction
1. Access `http://
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- drive.google.com/open (MITRE, x_refsource_MISC)
- www.exploit-db.com/exploits/47541 (MITRE, x_refsource_MISC)
News mentions
No linked articles in our index yet.